
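/**
 * Login / logout controller guarding the admin area.
 *
 * Credential verification is delegated to Login.getRoleForPasswordHash (not
 * visible in this file); this controller only maps the role it returns onto
 * the HTTP session and fences every other action behind auth().
 */
class LoginController {

  // Every action except index and login is intercepted by auth() first.
  def beforeInterceptor = [action:this.&auth, except:["index", "login"]]

  /**
   * Landing / logout action: drops the current session so any role stored in
   * it is forgotten. Failed logins and rejected auth() checks land here.
   */
  def index = {
    session.invalidate()
  }

  /**
   * Challenge-response login.
   *
   * Reads the untrusted params.saltedHash and params.nonce, resolves them to a
   * role, and accepts only a role listed in Constants.predefinedRoles.
   *
   * On success the pre-login session is discarded and a brand-new one is
   * created before the role is stored. This is deliberate: the original code
   * elevated whatever session the browser already carried, so a session id
   * fixed by an attacker before login (via a link, cookie injection, etc.)
   * would have become an authenticated one. Rotating the id on privilege
   * change closes that. Failure redirects to index, which invalidates the
   * session anyway.
   *
   * NOTE(review): replay protection for params.nonce is assumed to live in
   * Login.getRoleForPasswordHash — it is not enforced here; confirm.
   */
  def login = {
    String role = Login.getRoleForPasswordHash(params.saltedHash, params.nonce)
    if (Constants.predefinedRoles.contains(role)) {
      // Session fixation defence: throw away the anonymous session and obtain
      // a fresh one explicitly via the servlet API (no reliance on the Grails
      // `session` property re-creating it after invalidate()).
      session.invalidate()
      def freshSession = request.getSession(true)
      // setAttribute is what the Grails `session.role` getter reads back.
      freshSession.setAttribute("role", role)
      freshSession.maxInactiveInterval = 3600 // 1 hour idle timeout
      redirect(controller:"gallery", action:"index")
    } else {
      redirect(action:index)
    }
  }

  /**
   * Interceptor: lets the action run only when the session role equals
   * Constants.adminRole. Otherwise sets a flash message, redirects to
   * login/index (which invalidates the session) and returns false so the
   * intercepted action is not executed.
   */
  private auth() {
    if (session?.role == Constants.adminRole) {
      return true
    } else {
      flash.message = "You must be an administrator to access this page."
      redirect(controller:"login", action:"index")
      return false
    }
  }
}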
